You'll need PHP >= 7.4 and Laravel 6.x, 7.x or 8.x.
A demo project is available at laravel-challenge-demo, see this commit to view how simple it is to implement.
composer require boxed-code/laravel-challenge then run the databse migrations using ./artisan migrate
Modify your User model class to implement \BoxedCode\Laravel\Auth\Challenge\Contracts\Challengeable and either optionally use the BoxedCode\Laravel\Auth\Challenge\Challengeable trait or implement the the methods defined in the contract yourself.
Next you must add the middleware \BoxedCode\Laravel\Auth\Challenge\Http\Middleware\RequireAuthentication to the routes you would like to protect or simply add it to the global stack
Login an enrol yourself to the default 'email' authentication method at http://localhost/tfa/email/enrol, then logout and in again to be challenged for 2FA via email.
- Overview
- Configuration options (challengeable.php)
- Authentication methods
- Enabling default methods
- Twilio SMS
- Twilio Voice (WIP)
- Google Authenticator [OTP]
- Password (WIP)
- Custom notification based authentication methods
- Custom authentication methods
- Enabling default methods
- Challenges
- Token Generators
- Lifetimes & Periodic Re-authentication
- Custom Repositories
- Authentication for different purposes & lifetimes
- Skining / Theming views
- Events
MIT